This page provides an overview of Security Assertion Markup Language (SAML) authentication in Cisco AppDynamics on-premises environments.
The Cisco AppDynamics Controller can use the Cisco Customer Identity or an external SAML identity provider (IdP) to authenticate and authorize users. The Cisco Customer Identity will enable users to reuse an existing Cisco Identity and redirect them to the Cisco Identity Provider (IdP) when signing in.
For instructions to set up SAML authentication, see Configure Basic SAML On-Premises Authentication.
Supported Identity Providers
Cisco AppDynamics certifies support for the following identity providers (IdPs):
- Okta
- Onelogin
- Ping Identity
- Azure AD
- IBM Cloud Identity
- Active Directory Federation Service (AD FS)
Other IdPs supporting HTTP POST binding are also compatible with Cisco AppDynamics SAML authentication. If you are having issues setting up SAML with your IdP, contact customer support for help.
Binding Support
Cisco AppDynamics supports identity federation with SAML 2.0, an open standard used by many IdPs. This identity federation enables single sign-on (SSO) with HTTP POST binding for the SAML request and HTTP POST binding for the IdP response.
The bindings have the following requirements:
- HTTP is the required transport. Optionally, you can also configure HTTPS transport.
- The Cisco AppDynamics Controller uses HTTP GET or POST for the authentication request for the sign-out message to the identity provider. The IdP also uses HTTP GET and POST to return the response.
How SAML Authentication Works with Cisco AppDynamics
With SAML authentication enabled:
- You navigate to the Controller login page and enter your account name.
- The Controller redirects you to the external SAML IdP.
- From the IdP, enter your credentials.
The IdP redirects and logs you into the Controller.
To log in to the Controller, users require access to both the Controller and the identity provider service through the network from their computer. You can configure the Controller to assign roles to authenticated users based on group attributes in their SAML responses. See Map SAML-Authenticated Users to AppDynamics Roles.
Only users assigned to the Cisco AppDynamics role Account Owner can configure SAML authentication in the Controller and assign other users to the Account Owner role. Roles govern user privileges in the Controller. See Roles and Permissions.